Let’s encrypt caveats

Following the instructions at https://certbot.eff.org/#ubuntuxenial-apache  didn’t do it for me.   With Apache, it’s always tricky.  I’m currently using a bitnami WordPress EC2 instance, so I had to figure out the certbot stuff.

It was actually not that hard.  As with many command line tools, everything starts with reading the documentation 🙂

The certonly option does the trick!  Always.  Otherwise, the tool tries to be clever and figure out your apache environment (Mmmmm……)

In my case after installing the certbot on ubuntu I issued:

sudo ./certbot-auto certonly --webroot -w /opt/bitnami/apache2/htdocs/   -d www.martinrosselle.com

The webroot is the most important part, this is where the domain verification file is put to automate the certificate issuance (the CA has to know that you are what you pretend to be – at that domain!!)

After a successful command, you simply copy the key material to the correct destination.  In my case I copied the certbot created certificate and private key to my home directory:

sudo cp /etc/letsencrypt/live/www.martinrosselle.com/fullchain.pem .
sudo cp /etc/letsencrypt/live/www.martinrosselle.com/privkey.pem .

After that you simply have to move/copy them to the correct place:

sudo cp fullchain.pem /opt/bitnami/apache2/conf/server.crt
sudo cp privkey.pem /opt/bitnami/apache2/conf/server.key

Depending on your WordPress installation above procedure needs to be adapted to the correct paths. But besides that, there is nothing more to it.

Yes, there is, restart your apache : sudo apachectl -k restart

Next post I will cover the automatic rollover…

Leave a Reply

Your email address will not be published. Required fields are marked *